
Next Generation WAN powered by

VeloCloud SD-WAN
The leading SD WAN Provider

Confidential │ ©2018 VMware, Inc.


NSX SD-WAN by VeloCloud At-a-Glance
Company Background

• Company Founded Nov 2012


• Acquired by VMware in 2017
• 2,000+ Customers (Additional 2,500 via SPs)
• 80,000+ Active Sites
• World’s Two Largest Enterprise SD-WAN Deployments
• Powers Global Tier 1 & Tier 2 Service Providers
• Global Footprint:
– 24x7x365 Worldwide Support
– 70+ Countries
• Robust Partner Ecosystem:



VMware Named as a Leader in the Gartner Magic Quadrant for WAN Edge

VMware SD-WAN by VeloCloud

Positioned Furthest on Completeness of Vision

Leader in the Ability to Execute

Source: Gartner, Inc., Magic Quadrant for Enterprise Mobility Management Suites, October 10, 2018.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from VMware.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.



SD-WAN Market Share Recognition

Enterprise and Service Provider Focus:
2000+ Customers, 52 Service Providers
• Multi-National Enterprise
• Retail Sub-Segment
• Large Enterprise
• Mid-Tier Enterprise
• Unified Communications
• Tier 1/Tier 2 Service Providers



Current State of the Enterprise WAN
Inefficiencies emerge

[Diagram: branch sites (LAN, router) with an active link and a backup IPSec link over MPLS and Internet, the data center (router, firewall, apps) and SaaS]



Current State of the Enterprise WAN
Application Migration to XaaS

§ Apps migration to the cloud
§ Distributed approach
§ Closer to the consumer base
§ DCs are being consolidated

[Diagram: branch sites (LAN, router) with an active link and a backup IPSec link over MPLS and Internet, the data center (router, firewall, apps) and SaaS]



Current State of the Enterprise WAN
Network paths to cloud services are unpredictable

§ Real Time Apps available (e.g. VOIP)
§ Publicly reachable services
§ No QoS / SLAs available

[Diagram: branch sites (LAN, router) with an active link and a backup IPSec link over MPLS and Internet, the data center (router, firewall, apps) and SaaS]



Current State of the Enterprise WAN
MPLS is designed for DC access

§ Not able to reach cloud directly


§ DC Backhauling increases latency
§ Expensive for carrying SaaS traffic

[Diagram: branch sites (LAN, router) with an active link and a backup IPSec link over MPLS and Internet, the data center (router, firewall, apps) and SaaS]



Current State of the Enterprise WAN
Branch WAN Networking Cost Pressures

§ Cost pressures (OPEX)
§ Unused standby links
§ Undersized links → WANop deployed (CAPEX)
§ No same link redundancy (changing conditions)
§ Provider concentration risk

[Diagram: branch sites (LAN, router) with an active link and a backup IPSec link over MPLS and Internet, the data center (router, firewall, apps) and SaaS]



Enterprise WAN Is Getting Increasingly COMPLEX
• 50-80% Backhaul
• 50% -> Hybrid WAN
• Lifting & Shifting to Cloud SaaS

[Diagram: data centers, a DR site and branches connected by leased lines, with SaaS and IaaS/PaaS services (Salesforce.com, Dropbox, Office365, GCP, AWS). Labels: Control, Visibility, Cost, Security, Plan-Driven. Callouts: Loss of Control, Lack of Visibility, Security Challenges, SLAs Not Met, Hybrid Cloud Complexity, Unpredictable Performance, Long Cycle Times, Network Bottleneck]

Financial drivers
Looking for broadband pricing & MPLS quality

MPLS
§ Dedicated Access
§ Dedicated Core
§ Availability SLA 99.9+%
§ Packet delivery SLA
§ $ 50 ~ 500 / Mbps
§ Deliver in months (1 ~ 6)

DIA (Dedicated Internet Access)
§ Dedicated Access
§ Shared Core
§ Availability SLA 99.5+%
§ No delivery guarantee
§ $ 10 ~ 30 Mbps
§ Deliver in weeks (3 ~ 6)

Broadband
§ Shared Access
§ Shared Core
§ No availability SLA
§ No delivery guarantee
§ $ 1~3 / Mbps
§ Deliver in days (4 ~ 6)



Solution Components
Functions

NSX SD-WAN Edge
§ Virtual Edge
§ Hardware fulfilled by Dell
§ Flexibility in Deployment
§ Purpose-built hardware
§ Virtual Edge for cloud or white box
§ Services platform for VNF
§ For branch, datacenter and cloud
§ Enables fast deployment, zero-touch operations

NSX SD-WAN Orchestrator
§ Multi-tenant cloud-based management, configuration & monitoring portal
§ NSX SD-WAN Service or SP hosted, and on-premises at enterprise
§ Business policy abstraction
§ ReST API based

NSX SD-WAN Gateways
§ Optimized cloud on-ramp to the doorstep of SaaS & IaaS
§ Fully managed and operated by VMware and SPs
§ Multi-tenant
§ Strategic world-wide locations, top-tier network PoPs



All-in-One SD-WAN Orchestration
Multi-tenant managed IT portal | Enterprise wide | Site drill down: link and usage discovery

• Zero touch provisioning


• Group business level policies
• Automatic link profiling
VeloCloud Networks Proprietary & Confidential
16 | © Copyright 2016 VeloCloud Networks Proprietary & Confidential | © Copyright 2017
Central Visibility
Link Data, Quality Scoring & Activity
Insight into link metric and collected meta data
Link Quality Scoring
Link Characteristics

Link Utilization



Legacy Networks Cannot Support Today’s Edge

• Private Line Is 100X the Cost of Broadband
• Deployment Takes Months
• Capex of $20K-$50K per Branch
• Applications Run Slow

[Diagram: 100's to 1000's of branches connected to the datacenter over private line (MPLS), and over MPLS + cable + DSL + LTE]
Zero Touch Provisioning
Simple, Deploy in minutes



Zero touch activation Demo



One-Click VPN Deployment
Automatic VPN setup
• To enterprise DC hub with dynamic branch to branch
• Eliminates N x N manual tunnels to cloud with cloud gateway aggregation
• Interoperable IPsec for no touch legacy DC
• End-to-end encryption

[Diagram: branch site, non-VeloCloud enterprise DC and enterprise DC]



Secure SD-WAN Advantages
Scalable SD-WAN Edge Authentication and Key Management

Features                   Legacy 1 (Secure + Complex)   Legacy 2 (Simple + Insecure)   SD-WAN
PKI                        ✓                             ✗                              ✓
Unique encryption key      ✓                             ✗                              ✓
Secure Onboarding          ✓                             ✗                              ✓
Centralized Orchestrator   ✗                             ✓                              ✓
Integrated CA              ✗                             ✗                              ✓
Tunnel Integrity Check     ✗                             ✗                              ✓



Dynamic Multi-Path Optimization
Assured Application performance over MPLS, Internet broadband and LTE circuits

Continuous Monitoring
✓ Automatic capacity testing
✓ Continuous link & path quality monitoring
✓ MPLS Class-of-Service aware

Dynamic App Steering
✓ App aware per Packet Steering
✓ Aggregated bandwidth for single flows
✓ Dynamic link policy - Sub second traffic steering

On Demand Remediation
✓ Error & jitter correction
✓ Automatic steering for brownouts/blackout
✓ Enables single link performance

[Diagram labels: Link Detection, Congestion Detection, App Quality Score, Error Correction, TCP Optimization, Single or Multi-Link, Application Performance Reporting, Acceleration]

SD-WAN Solution – Performance Over A Single Circuit



SD-WAN Solution – SaaS/Data Performance

10x faster response time

Dual 20Mbps Links / 50 MB Box File Transfer

• No Loss: 22 sec without NSX SD-WAN by VeloCloud, 12 sec with NSX SD-WAN by VeloCloud
• 2% Packet Loss: 134 sec without NSX SD-WAN by VeloCloud, 13 sec with NSX SD-WAN by VeloCloud



Enhance User Experience

Video conference over a WAN link with 2% packet loss

[Video comparison: without VeloCloud SD-WAN and with VeloCloud SD-WAN]



Optimized Office365 Performance
O365 on a Single Link (Brownout condition) from Branch in Thailand to Gateway in Singapore

[Chart panels: VeloCloud, Non-SDWAN]



Deep Application Recognition (DAR)

• Deep Packet Inspection: Application recognition & application metadata
• Learning database: Cached DPI result to assist with first packet classification
• Cloud service directory: Up-to-date database of cloud service IPs

2500+ Applications



Application Aware Overlay QoS Scheduling
Offer 9 traffic classes

Enterprises or SPs can specify guaranteed and max BW for each class

Each rule in business policy maps to a traffic class

Class           High   Normal   Low
Real-Time       35     15       1
Transactional   20     7        1
Bulk            15     5        1

[Diagram: application categories per class, each split into High, Normal and Low. Real-Time: Business Collaboration, Audio/Video. Transactional: Infrastructure, Authentication, Management, Network Services, Tunneling, IM, Remote Desktop, Business App, Web, Proxies, Games, Media, Social. Bulk: Email, File Sharing, Storage/Backup, P2P]



Monitor application usage



Policy-based Traffic Redirection & Service Insertion

1 Non-critical Internet traffic, e.g. Netflix
2 Critical SaaS applications & Internet backhaul to CWS
3 On-prem applications & Internet backhaul

§ Inbound QoS coordinates and ensures traffic between multiple sources and avoids overrun
§ VCG provides QoS, prioritization, brownout/blackout protection for direct to cloud traffic

[Diagram: Branch Edge and Hub Edge connected over Internet/MPLS]

Simplify WAN Management – Business Policy Framework
Legacy WAN: ACL, IP address, subnets
SD-WAN: App-level policy

Legacy WAN: Need to put application in the right queue by marking and configuring QoS
SD-WAN: App-awareness to choose the right queue

Legacy WAN: Complex routing tuning & PBR to do split tunnel
SD-WAN: App-aware split tunnel policy & single click

Legacy WAN: Routing protocol tuning, probes, PBR
SD-WAN: Dynamic path selection



Ease of Network Services Insertion
• One-click service insertion
• Virtual services platform at branch
• Optimized performance to remote cloud and centralized enterprise services
• Partner ecosystem

[Diagram: branch site, Internet, and enterprise DC or on-premise regional hubs; traffic labels: other Web traffic, Salesforce.com, Web email, email DLP]



PCI DSS 3.2 Certified SD-WAN
Ensure PCI compliance in a simple, efficient, and cost-effective manner

• The first and only solution to offer PCI-Certified Cloud-Delivered SD-WAN
• All VeloCloud components are PCI Compliant
• Retailers benefit from VeloCloud PCI AOC to simplify PCI Audit
• VeloCloud is a PCI DSS (v3.2) Level 1 Service Provider

[Diagram: EntA-Branch with GUEST and PCI segments, Partner Gateway, direct IPSec, PCI Network and EntA-Hub]


SD-WAN Architecture



VeloCloud Cloud-Delivered SD-WAN
VeloCloud’s Network Service Consists of 3 Key Components

[Diagram: (1) VeloCloud Orchestrator in the cloud, (2) VeloCloud public Cloud Gateways, (3) VeloCloud Edges. Branch sites with VeloCloud Edges use Dynamic Multi-Path Optimization over Internet and private MPLS to reach an enterprise data center via Cloud Gateway and an enterprise data center with VeloCloud Edge]



2017 Cloud Infrastructure – Global Reach
• 99.99% Reliability SLA
• Cloud Scale Redundancy
• SSAE16 Type II Audited Datacenters
• Regions: 30
• Orchestrators: 64+
• Gateways: 660+
VeloCloud Hybrid WAN Architecture

[Diagram: hybrid site with SD-WAN CPE (with VRRP, or with L3 switch and routing protocol OSPF/BGP), Internet-only site with SD-WAN CPE, non-SD-WAN site, and datacenter/regional hub with a VCE cluster connected to the core switch (campus/DC)]



Spoke/Branch Edge High Availability Design Options
HA options for sites of different scale & size

Standard HA
§ Hardware redundancy
§ Upstream switch requirement
§ Standby unit sync to active

Enhanced HA
§ Same benefits as standard HA
§ Upstream L2 switch elimination
§ Recommended to have more than 2 links

VRRP
§ Edge is VRRP master
§ Failover to MPLS CE router
§ Common during migrations

§ Both Edge & Link failure may trigger HA failover

[Diagrams: Internet and MPLS links for each HA option]



Hub Redundancy Design Options
HA options for sites of different scale & size

HA (BRANCH or HUB)
§ Hardware redundancy
– Fails to an identical device
§ 2nd unit is standby on control plane but active for data plane services
§ Standby unit sync to active

Clustering (HUB ONLY)
§ Scale out & redundancy
– N+1 redundancy
§ All edges in cluster are active
§ BGP used to synchronize control plane

[Diagrams: MPLS and Internet links for each option]



Distributed Services Insertion
VeloCloud Dynamic Multipath Optimization delivers application performance and reliability to cloud

Single-click Application-Aware Policies for granular service insertion

Automated tunneling eliminates site by site configurations

[Diagram: a branch site with VeloCloud Edge and a virtual branch with VeloCloud Virtual Ready Edge reach the Cloud Security Service and Internet / web through the VeloCloud Gateway, and on-premises security services at the corporate / regional VeloCloud Edge Hub; links are labelled Dynamic Multi-Path Optimization and Non-Overlay IPSec]
Virtual Services Delivery

Micro to Small Branch: NSX SD-WAN Edge by VeloCloud
• No local apps
• Cloud or integrated security

Small to Midsized Branch: NSX SD-WAN Edge by VeloCloud Services Platform
• No local apps
• One networking VNF (e.g. NGFW)

Large Branch/DC: NSX SD-WAN by VeloCloud VNF
• Local apps
• Many VMs including network services

[Diagram labels: CPE, Analytics, SDWAN, IoT GW, NGFW, App X, File, NSX / vSAN]



MULTI-GIGABIT PERFORMANCE AND SCALE

[Figure: Edge models by throughput. Tiers: 100 Mbps, 200 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, Multi-Gigabit. Models: Edge 510, Edge 520, Edge 540, Edge 840, Edge 1000, Edge 2000, 5Gbps Edge, Edge Cluster. Interfaces listed: 4-Port GE, 10-Port GE, 6-Port GE, 8-Port GE, 2-Port SFP, 2-Port SFP+, 2-USB LTE, 4-USB LTE, WiFi]



Flexible Virtual Form Factor

Hypervisor

Provide same functionality as the physical appliance

Support both paravirtualized driver and SR-IOV

Tested on whitebox CPE such as Juniper NFX250, Ciena 3906mvi

Support cloud-init for no touch bootstrapping & activation



Full Support for Cloud Deployment

3rd party AWS SD-WAN Buyer Guide available (http://go.awspartner.com/esg-sd-wan-report)



THANK YOU

